* directory without search permission is searchable?
@ 2020-02-26 5:30 Jun T
2020-02-26 7:42 ` Thomas Wolff
0 siblings, 1 reply; 5+ messages in thread
From: Jun T @ 2020-02-26 5:30 UTC (permalink / raw)
To: cygwin
It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
I don't have read/search permission for the 'dir'.
Create a directory and a file in it:
$ mkdir tmpdir
$ ls -ld tmpdir
drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
$ touch tmpdir/afile
$ ls -l tmpdir/afile
-rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
Remove all permissions from tmpdir:
$ chmod 0000 tmpdir
$ ls -ld tmpdir
d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
$ getfacl tmpdir
# file: tmpdir
# owner: takimoto
# group: none
user::---
group::---
other::---
default:user::rwx
default:group::r-x
default:other::r-x
This fails as expected:
$ ls -l tmpdir
ls: cannot open directory 'tmpdir': Permission denied
But the followings succeed (should fail, I believe):
$ ls -l tmpdir/afile
-rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
$ stat tmpdir/afile
File: tmpdir/afile
Size: 0 Blocks: 0 IO Block: 65536 regular empty file
Device: d05d00abh/3495755947d Inode: 14636698789089092 Links: 1
Access: (0644/-rw-r--r--) Uid: (197609/takimoto) Gid: (197121/ none)
Access: 2020-02-26 12:46:12.478966400 +0900
Modify: 2020-02-26 12:46:12.478966400 +0900
Change: 2020-02-26 12:46:12.464849300 +0900
Birth: 2020-02-26 12:46:12.464849300 +0900
Does this happen only for me? Should I set some ACL properly?
I removed default ACL from tmpdir but the results are the same.
I confirmed (by a simple C code) that the stat(3p) system call
(or library function) succeeds for 'tmpdir/afile'.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: directory without search permission is searchable?
2020-02-26 5:30 directory without search permission is searchable? Jun T
@ 2020-02-26 7:42 ` Thomas Wolff
2020-02-26 10:54 ` Corinna Vinschen
0 siblings, 1 reply; 5+ messages in thread
From: Thomas Wolff @ 2020-02-26 7:42 UTC (permalink / raw)
To: cygwin
Am 26.02.2020 um 06:29 schrieb Jun T:
> It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> I don't have read/search permission for the 'dir'.
>
> Create a directory and a file in it:
>
> $ mkdir tmpdir
> $ ls -ld tmpdir
> drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> $ touch tmpdir/afile
> $ ls -l tmpdir/afile
> -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
>
> Remove all permissions from tmpdir:
>
> $ chmod 0000 tmpdir
> $ ls -ld tmpdir
> d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> $ getfacl tmpdir
> # file: tmpdir
> # owner: takimoto
> # group: none
> user::---
> group::---
> other::---
> default:user::rwx
> default:group::r-x
> default:other::r-x
>
> This fails as expected:
>
> $ ls -l tmpdir
> ls: cannot open directory 'tmpdir': Permission denied
>
> But the followings succeed (should fail, I believe):
>
> $ ls -l tmpdir/afile
> -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> $ stat tmpdir/afile
> File: tmpdir/afile
> Size: 0 Blocks: 0 IO Block: 65536 regular empty file
> Device: d05d00abh/3495755947d Inode: 14636698789089092 Links: 1
> Access: (0644/-rw-r--r--) Uid: (197609/takimoto) Gid: (197121/ none)
> Access: 2020-02-26 12:46:12.478966400 +0900
> Modify: 2020-02-26 12:46:12.478966400 +0900
> Change: 2020-02-26 12:46:12.464849300 +0900
> Birth: 2020-02-26 12:46:12.464849300 +0900
>
> Does this happen only for me?
To confirm, I noticed this before.
> Should I set some ACL properly?
>
> I removed default ACL from tmpdir but the results are the same.
>
> I confirmed (by a simple C code) that the stat(3p) system call
> (or library function) succeeds for 'tmpdir/afile'.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: directory without search permission is searchable?
2020-02-26 7:42 ` Thomas Wolff
@ 2020-02-26 10:54 ` Corinna Vinschen
2020-02-26 16:10 ` Jun-ichi Takimoto
0 siblings, 1 reply; 5+ messages in thread
From: Corinna Vinschen @ 2020-02-26 10:54 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 2562 bytes --]
On Feb 26 08:42, Thomas Wolff wrote:
> Am 26.02.2020 um 06:29 schrieb Jun T:
> > It seems 'ls -l dir/file' or 'stat dir/file' succeeds even if
> > I don't have read/search permission for the 'dir'.
> >
> > Create a directory and a file in it:
> >
> > $ mkdir tmpdir
> > $ ls -ld tmpdir
> > drwxr-xr-x+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ touch tmpdir/afile
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto 0 none Feb 26 12:46 tmpdir/afile
> >
> > Remove all permissions from tmpdir:
> >
> > $ chmod 0000 tmpdir
> > $ ls -ld tmpdir
> > d---------+ 1 takimoto none 0 Feb 26 12:46 tmpdir
> > $ getfacl tmpdir
> > # file: tmpdir
> > # owner: takimoto
> > # group: none
> > user::---
> > group::---
> > other::---
> > default:user::rwx
> > default:group::r-x
> > default:other::r-x
> >
> > This fails as expected:
> >
> > $ ls -l tmpdir
> > ls: cannot open directory 'tmpdir': Permission denied
> >
> > But the followings succeed (should fail, I believe):
> >
> > $ ls -l tmpdir/afile
> > -rw-r--r-- 1 takimoto none 0 Feb 26 12:46 tmpdir/afile
> > $ stat tmpdir/afile
> > File: tmpdir/afile
> > Size: 0 Blocks: 0 IO Block: 65536 regular empty file
> > Device: d05d00abh/3495755947d Inode: 14636698789089092 Links: 1
> > Access: (0644/-rw-r--r--) Uid: (197609/takimoto) Gid: (197121/ none)
> > Access: 2020-02-26 12:46:12.478966400 +0900
> > Modify: 2020-02-26 12:46:12.478966400 +0900
> > Change: 2020-02-26 12:46:12.464849300 +0900
> > Birth: 2020-02-26 12:46:12.464849300 +0900
> >
> > Does this happen only for me?
> To confirm, I noticed this before.
This is Windows for you:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking
The default is to bypass traverse checking for *all* users. If you
change this in the "Local Security Policy" for a user, bad things happen,
as described in the "Potential impact" section in thew above document.
Way back when we had code in Cygwin which enabled traverse checking for
a while. It always resulted in problems, so we reverted it. I always
planned to reenable that in a lean way, that is, only at "open file on
NTFS" rather than the original "always on as soon as the process
starts", but I never got around to it. In fact, it doesn't make much
sense to disallow Cygwin processes access to files, a native Windows
process can easily access, so I scratched the idea.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: directory without search permission is searchable?
2020-02-26 10:54 ` Corinna Vinschen
@ 2020-02-26 16:10 ` Jun-ichi Takimoto
2020-02-26 16:16 ` Corinna Vinschen
0 siblings, 1 reply; 5+ messages in thread
From: Jun-ichi Takimoto @ 2020-02-26 16:10 UTC (permalink / raw)
To: cygwin
> 2020/02/26 19:54, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
>
> The default is to bypass traverse checking for *all* users.
Thanks.
The reason I asked about this is:
zsh recently added a test to confirm that a glob pattern "*/" does NOT
include "dir/" if the directory "dir" has no search permission.
This test fails on Cygwin.
A patch to skip this test on Cygwin:
http://www.zsh.org/mla/workers/2020/msg00317.html
I will soon push this to zsh git master.
Jun
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: directory without search permission is searchable?
2020-02-26 16:10 ` Jun-ichi Takimoto
@ 2020-02-26 16:16 ` Corinna Vinschen
0 siblings, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2020-02-26 16:16 UTC (permalink / raw)
To: cygwin
[-- Attachment #1: Type: text/plain, Size: 716 bytes --]
On Feb 27 01:10, Jun-ichi Takimoto wrote:
>
> > 2020/02/26 19:54, Corinna Vinschen <corinna-cygwin@cygwin.com> wrote:
> >
> > The default is to bypass traverse checking for *all* users.
>
> Thanks.
>
> The reason I asked about this is:
> zsh recently added a test to confirm that a glob pattern "*/" does NOT
> include "dir/" if the directory "dir" has no search permission.
> This test fails on Cygwin.
Yeah, that's expected. Even with Cygwin it's still Windows under
the hood :)
> A patch to skip this test on Cygwin:
> http://www.zsh.org/mla/workers/2020/msg00317.html
> I will soon push this to zsh git master.
Great, thanks!
Corinna
--
Corinna Vinschen
Cygwin Maintainer
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-02-26 16:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-26 5:30 directory without search permission is searchable? Jun T
2020-02-26 7:42 ` Thomas Wolff
2020-02-26 10:54 ` Corinna Vinschen
2020-02-26 16:10 ` Jun-ichi Takimoto
2020-02-26 16:16 ` Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).